Folks, long time lurker, first time poster here. I just got home from passing the GPEN (560) exam. I took the SANS course back in December and finally bit the bullet.

You get 4 hours to do 150 questions with a 70% passing score. What I really liked about the exam setup was you see right away if you got the answer right or wrong. It looked exactly like the practice exams - total questions answered, right, wrong on the right bar. I knew I had passed (at least 105 right) about an hour in, so I was in cruise control the rest of the way. I'm a fast test taker (did the CISSP in 2), but thought four hours is a fair amount of time.

I thought the overall difficulty was ok - not too hard/not too simple. I'm glad I took the course though as it made me familiar with some of the techniques/technologies used. The exam was open book/notes, but there would be no way to look up each and every question in the time allotted.

You have to know what you're doing to pass, but it wasn't so difficult that only uber-geeks could pass. The questions were worded clearly - not weird and wordy like the CISSP. Everything you need to know is in the course books and real-world experience certainly helps as well.

Ed Skoudis was the course instructor and he's a dynamic speaker who really knows his craft. I highly recommend his teaching style. He doesn't teach you how to pass the test, but gives you the tools and knowledge to apply the techniques to succeed on the test.

xXxKrisxXx wrote:Congrats. What Book(s) That You've Read Or Skimmed Through Do You Think Helped You Prep For It? I've Heard Lots Of Positives About Skoudis All Around. Time To Update Your Sig

Thanks for the congrats, all. I think sitting in the class helped the most. A few days before the test I went through the practice tests and took notes on the ones I got wrong. I made a "cheat sheet" with some of the obscure command switches (hping, nc) and took it with me just in case. I didn't re-read the course books, but took them with me as well just in case I had extra time to look something up.

I'd also say that experience in the field helps as well. An experienced security person/pen-tester *should* have no problem passing this one. As I said before, the level of difficulty was pretty much what I expected - not too hard, and not too easy.

MicroJay wrote:Congrats! Ed does know his stuff! I took the GCIH course that he led a couple years back. Very detailed in what he teaches!

Ed's a pretty cool dude. He's a very polished, outgoing speaker. Even through some of the non-technical stuff (report writing), he made it semi-entertaining/bearable. He also had some funny side stories and name dropped quite a bit during the course.